If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Broadcom bcm4313 wl not work for mon/inject

Problem:
BCM4313 802.11b/g LP-PHY [14e4:4727] chip is picked up by "wl" driver by default. it works well for normal usage, but rfmon/injection is NOT possible with this driver on this chipset.

Possible solution could be using b43 driver module instead, which I tried almost any trick/method on internet for that. b43 successfully loads, but it`s not picking up the chip and so no interface. no result with iwconfig , and no luck with trying aliases.

What I've tried with no success:
-Modifying module blacklists, trying to keep wl from loading
-completely removing wl, and installing b43 revisions.
-based on broadcom & linux kernel docs, broadcom-wl-4.178.10.4 should work, but it does not.
-no success even with broadcom-wl-4.150.10.5
-No success with recompiling broadcom driver from scratch and inserting module.
-No success on trying above tests on a clean Ubuntu Maveric (10.10)
-No success on multiple recent kernel versions
-No success on using pre-compiled ubuntu driverts for installed kernels
-- firmware-b43-lpphy-installer from ubuntu repository seems to be the one, but prior installation it checks the chip version and stop if it`s anything but bcm4312. 4313 is also a LP PHY chip, but is not supported by this package.

**I've another bcm4312 card that works flawlessly in both backtrack and clean Maveric, as it`s picked up by b43 driver, NOT damned wl .

Re: Broadcom bcm4313 wl not work for mon/inject

Re: Broadcom bcm4313 wl not work for mon/inject

I have this same card "Broadcom Corporation BCM4313 802.11b/g LP-PHY [14e4:4727] (rev 01)" on my laptop, and was able to get it working under Ubuntu 10.10 using an early version of the brcm80211 driver (see brcm80211 - Linux Wireless).

I spent close to an hour shortly after it was added to the staging-next branch and managed to compile it against 2.6.35.4 (not sure about the .4 part however). Unfortunately, it wasn't especially stable and got some kernel oops on suspend. After that, I went back to using the wl module.

Recent changes don't look like they could have improved the stability of the driver by much, so I'd advise against using it for now.

With the above said, if you're feeling adventurous you can build the driver as follows:
0. Make sure you have the `base-devel' group installed, along with `kernel26-headers' (preferably version 2.6.35.6-2 as 2.6.35.6-1 had some issues) and `linux-firmware' 20100911-1 (the one in [core] doesn't contain the firmware files for brcm80211 AFAIK).
1. Grab just the brcm80211 directory from the staging-next branch by clicking the `snapshot' link on this page (git.kernel.org - linux/kernel/git/gregkh/staging-next-2.6.git/tree - drivers/staging/brcm80211/).
2. Extract the compressed tarball and then open a terminal inside the staging-next-2.6-x directory that gets created.
3. Change the Makefile a little by running `curl -s http://ompldr.org/vNW82NA/Makefile.patch | patch -Np0'. After that, run `make'.
4. Now, you should have the compiled module `brcm80211.ko' in the current directory, which you can copy into `/lib/modules/2.6.35-ARCH/updates/'. (Create the updates directory if it doesn't exist.)

I didn't test the above steps thoroughly and I'm not certain this is the correct way to build the driver. However, I believe it'll get you a working kernel module.

To sum that up for Ubuntu, I did:

1) download the brcm80211 driver from git (see above)
2) download the kernel headers:
[sudo apt-get install kernel-package]
3) extract the drivers and fix the makefile to remove the if-statement and replace the old paths to reflect your new folder structure (the above Makefile.patch didn't work for me, $PWD was giving random build errors until I replaced it with the full driver source directory)
4) build the driver
[sudo make]
5) install the driver, making sure mac80211 is running first or you'll get errors
[sudo modprobe mac80211 && sudo insmod brcm80211.ko]

Re: Broadcom bcm4313 wl not work for mon/inject

The brcm80211 driver is currently incomplete, so if you try to run airodump/aireplay you'll see that it's stuck in channel -1.
If you look into one of the source code files, the switch handler for monitor mode is left blank. I tried adapting the code from channel-negative-one-maxim.patch (works with compat driver) into the source code and recompiled it, but it didn't help. You're welcome to try it too.
I've been working on this issue on and off for about two months now. It seems like I just have to wait for brcm80211 to get better as time goes on.

Re: Broadcom bcm4313 wl not work for mon/inject

Originally Posted by Lupius

The brcm80211 driver is currently incomplete, so if you try to run airodump/aireplay you'll see that it's stuck in channel -1.
If you look into one of the source code files, the switch handler for monitor mode is left blank. I tried adapting the code from channel-negative-one-maxim.patch (works with compat driver) into the source code and recompiled it, but it didn't help. You're welcome to try it too.
I've been working on this issue on and off for about two months now. It seems like I just have to wait for brcm80211 to get better as time goes on.

Airodump to be specific, switch channels and detect traffic as expected,
But it`s not the case for me in Aireplay , and I guess it was cus of unpatched kernel code I was running on , not the brcm80211 itself?
I cant recall if current brcm80211 supports injection nor if aireplay attacks promised to work on this driver.

Hope other people get their hands dirty too, and report their test results here.

Re: Broadcom bcm4313 wl not work for mon/inject

Confirmed.

The latest build of the brcm80211 driver no longer has the channel -1 bug. Hooray!

Scratch that. After some testing, I found that the new drivers only made "Fixed channel: -1" disappear in airmon-ng. The bug is still present in aireplay-ng: "mon0 is on channel -1, but hte AP uses channel 5"

Update:

Been working at it all night. I fixed the channel -1 problem after downloading the latest compat source files and applying Maxim's patch, then recompiling the whole thing. Now I'm simply left with the problem of not being able to capture data packets. My airmon-ng shows 0 under the #Data column for all APs all the time. My aireplay-ng attacks can all be run, but they get stuck on forever reading packets...

Re: Broadcom bcm4313 wl not work for mon/inject

Problem:
BCM4313 802.11b/g LP-PHY [14e4:4727] chip is picked up by "wl" driver by default. it works well for normal usage, but rfmon/injection is NOT possible with this driver on this chipset.

Possible solution could be using b43 driver module instead, which I tried almost any trick/method on internet for that. b43 successfully loads, but it`s not picking up the chip and so no interface. no result with iwconfig , and no luck with trying aliases.